Two former employees of cybersecurity firms—one of whom was a ransomware negotiator—have pleaded guilty to carrying out a series of ransomware attacks in 2023. Ryan Goldberg, 40, and Kevin Martin, 36, extended $1.2 million in one bitcoin, the Justice Department announced Tuesday.
Goldberg, Martin, and an unidentified co-conspirator were charged in October for the attacks, which included using the ALFV/BlackCat ransomware to encrypt and steal data from their victims. As reported Chicago Sun TimesMartin and a third party worked as ransomware negotiators at a cybercrime and incident response company, Digital Mint, while Goldberg was an incident response manager at Signia Cybersecurity Services.
Alfie/BlackCat is a hacker group that uses a ransomware-as-a-service model, in which the developers who maintain the malware often take a cut of the stolen funds from cybercriminals who use it to target victims. In 2023, the FBI developed a decryption tool designed to recover data from victims of Alpha/Blackcat, which has been linked to high-profile attacks on companies such as Bandai Namco, MGM Resorts, Reddit, and UnitedHealth Group.
The DOJ indictment alleges that Goldberg, Martin, and a co-conspirator used ransomware in an attempt to extort millions of dollars from victims across the United States, including a pharmaceutical company, a doctor’s office, an engineering company, and a drone manufacturer.
“These defendants used their sophisticated cybersecurity training and experience to carry out ransomware attacks,” Assistant Attorney General A. Tyson Duva of the DOJ’s Criminal Division said in a statement.
Goldberg and Martin pleaded guilty to one count of “conspiracy to obstruct, delay, or affect commerce or the movement of any article or article in commerce.” His sentencing is scheduled for March 12, 2026, where he faces up to 20 years in prison.
